Category: Intrusion Prevention
Date & Time,18-Nov-17 23:08:41,
Risk,High,- An intrusion attempt by 78.140.179.99 was blocked.,
Activity Status,-Blocked,
Recommended Action,- No Action Required,
IPS Alert Name,- Web Attack: Exploit Kit Redirection 21,
Default Action,- No Action Required,
Action Taken,- No Action Required,
Attacking Computer,- "78.140.179.99, 80", also from 88.85.84.123 & 88.85.84.124
Attacker URL,- ralkipa.info/cdrive.js?t5vg9c=855352,
Destination Address,- "LUNXXXXX (192.168.1.40, 1176)",78.140.179.99,"TCP,www-http"
Source Address,- Network traffic from ralkipa.info/cdrive.js?t5vg9c=855352 matches the signature of a known attack.
Traffic Description,- The attack was resulted from \DEVICE\HARDDISKVOLUME5\GAMES\WORLD_OF_TANKS\RES\CEF\CEF_BROWSER_PROCESS.EXE.
I got this as well & this is what I got from 3 different IPs